我已经在SpringBoot中实现了一些简单的方法来验证用户身份,它返回JWT并验证用户,但应用程序停止给出实际正文的响应,并开始发送空的200个响应,知道为什么会这样吗?根据调试器的说法,程序永远不会在我试图调用的请求上结束,但JWT的授权总是成功的
我的班级
JWTService个
@Service
public class JwtService {
private static final String SECRET_KEY = "32bitkey";
public String extractEmail(String token) {
return exctractClaim(token, Claims::getSubject);
}
public <T> T exctractClaim(String token, Function<Claims, T> claimsResolver) {
final Claims claims = extractAllClaims(token);
return claimsResolver.apply(claims);
}
public String generateToken(
UserDetails userDetails) {
return generateToken(Map.of(), userDetails);
}
public String generateToken(
Map<String, Object> extraClaims,
UserDetails userDetails) {
return Jwts
.builder()
.setClaims(extraClaims)
.setSubject(userDetails.getUsername())
.setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 10))
.signWith(getSigningKey(), Signature算法rithm.HS256)
.compact();
}
public boolean isTokenValid(String token, UserDetails userDetails) {
final String email = extractEmail(token);
return email.equals(userDetails.getUsername()) && !isTokenExpired(token);
}
public boolean isTokenExpired(String token) {
return extractExpiration(token).before(new Date());
}
private Date extractExpiration(String token) {
return exctractClaim(token, Claims::getExpiration);
}
private Claims extractAllClaims(String token) {
return Jwts
.parserBuilder()
.setSigningKey(getSigningKey())
.build()
.parseClaimsJws(token)
.getBody();
}
private Key getSigningKey() {
byte[] keyBytes = Decoders.BASE64.decode(SECRET_KEY);
return Keys.hmacShaKeyFor(keyBytes);
}
Security filter chain个
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity security) throws Exception {
security
.csrf()
.disable()
.authorizeHttpRequests()
.requestMatchers(
"/fixture/getFixturesBySportAndDate",
"/user/register",
"/user/authenticate",
"/league/getLeaguesByFixturePlayedAtDateInSport",
"/team/fillTeamsHockey",
"/fixture/fillFixturesHockey",
"/fixture/fillFixturesBasketball")
.permitAll()
.anyRequest()
.authenticated()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authenticationProvider(authenticationProvider)
.addFilterBefore(jwtAuthetificationFilter, UsernamePasswordAuthenticationFilter.class);
return security.build();
}
JwtAuthFilter个
@Component
@RequiredArgsConstructor
public class JwtAuthetificationFilter extends OncePerRequestFilter {
private final JwtService jwtService;
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void doFilterInternal(
@NonNull HttpServletRequest request,
@NonNull HttpServletResponse response,
@NonNull FilterChain filterChain
) throws ServletException, IOException {
final String authorizationHeader = request.getHeader("Authorization");
final String jwt;
final String email;
if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
filterChain.doFilter(request, response);
return;
}
jwt = authorizationHeader.substring(7);
email = jwtService.extractEmail(jwt);
if (email != null && SecurityContextHolder.getContext().getAuthentication() == null){
UserDetails userDetails = userDetailsService.loadUserByUsername(email);
if (jwtService.isTokenValid(jwt, userDetails)){
UsernamePasswordAuthenticationToken authenticationToken
= new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities());
authenticationToken.setDetails(
new WebAuthenticationDetailsSource().buildDetails(request)
);
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
}
}
}
Application Config个
@Configuration @RequiredArgsConstructor
public class ApplicationConfig {
private final UserRepository userRepository;
@Bean
public UserDetailsService userDetailsService() {
return username -> userRepository.findByEmail(username)
.orElseThrow(() -> new UsernameNotFoundException("User not found"));
};
@Bean
public AuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userDetailsService());
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration cfg) throws Exception {
return cfg.getAuthenticationManager();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
Example request个
@GetMapping(value = "/getUserInfo")
public ResponseEntity<User> getUserInfo(HttpServletRequest request){
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
String email = authentication.getName();
User user = userRepository.findByEmail(email).get();
return ResponseEntity.ok(user);
}
我试着基本上更改所有内容并调试信息,但无法完成,因为它只是给了我一个答案,即请求永远不会执行